Friday, April 11, 2014
Companies Try To Patch The 'Heartbleed' OpenSSL Bug

Web servers, network devices such as firewalls and gateways, and even mobile phones are vulnerable to the "Heartbleed" OpenSSL bug, and companies are rallying to patch their products and services.

Hackers could crack email systems, security firewalls and possibly mobile phones through the bug, which surfaced late on Monday. The flaw in a widely used Web encryption program known as OpenSSL opened hundreds of thousands of websites to data theft.

Intel has already released patches for its Expressway Service Gateway and Expressway Tokenization Broker, versions R3.4, R4.5 and R5.1, but it has not yet patched the McAfee products.

Cisco Systems said on its website that it is reviewing dozens of products to see if they are safe. It confirmed that a TelePresence video conferencing server and a version of the IOS software for managing routers are vulnerable, adding that it would provide more information as it became available.

Oracle has not posted such an advisory on its support site.

Microsoft said in a statement that "a few services continue to be reviewed and updated with further protections."

Security experts said the vulnerable code is also found in some widely used email server software, the online browser anonymizing tool Tor and OpenVPN, as well as some online games and software that runs Internet-connected devices such as webcams and mobile phones.

Jeff Forristal, chief technology officer of Bluebox Security, said that version 4.1.1 of Google's Android operating system, known as Jelly Bean, is also vulnerable. Google has not yet responded to the finding.